Last year there was a 164 percent increase in cyber-attacks and global cyber security spend will reach $86.4 billion in 2017. Yet successful attacks continue to grow and the cyber skills gap, continues to widen.
We spoke to Titania, a leading expert in the field of security and compliance automation, who are helping organizations such as the Department of Defense, NATO and FBI introduce granular accuracy to their security and compliance processes.
What emerges is the belief that many companies are pouring money into technologically advanced versions of doing what they’ve always done. Some of these systems, like scanners, provide a ‘helicopter view’ of an organization’s defenses by bombarding networks with data and analyzing their responses. Others, such as monitoring systems, sit on a network and provide a live picture of network activity. Yet even with the “best of breeds” in these technologies, companies are still getting what they’ve always got – breaches are increasing. It seems something is missing.
Nicola Whiting, COO at Titania, says: “The world’s most secure networks leverage the combined strength of multiple technologies. Their goal is to create a combined solution which is stronger and more resilient than its individual components. Our clients have realized that to be effective this solution needs two complementary security perspectives, we’re global leaders in one of them.”
So, what’s missing?
Whiting talks about security systems being out of balance. “There are lots of “helicopter view” technologies. They create multiple queries and generate mass network traffic which is then extrapolated into the big picture view that’s essential for large enterprises. What’s missing is the “granular accuracy” needed to balance those systems.”
The strength of intelligent configuration auditing is in its accuracy and depth of detail. Internal systems data provides factual information that you can rely on. Autonomous audits can be performed by connecting over the network to the systems (online) or reading in configuration backups (offline). You can support air-gapped, remote or supply chain systems with the same solution, it’s highly flexible.
Through working with leading organizations, Titania have found that many security breaches come about through issues such as out-of-date software, misconfiguring devices or using weak passwords. These errors are very visible when analyzing internal system data, but difficult or even impossible to spot using external attacks or interrogations.
Organizations traditionally filled that gap with pen testers and audit teams, who provided line-by-line build reviews of internal system configuration & O/S data. It was highly accurate, but time consuming and costly (which typically meant only testing a small percentage of devices and on an infrequent basis). Titania’s goal was to free their pen-testing colleagues from boring but essential build reviews – and they developed was the world’s first ‘virtual auditor’.
We deliver the granular accuracy needed for organizations to meet their system compliance mandates and provide them the bedrock of specific information,that future autonomous “self-healing” systems will depend on
Titania found that they could help clients with huge complex infrastructures by supplying technology that can go ‘under the hood’ of their networked systems and deliver granular analysis at unprecedented scale. The same kind of accuracy, risks and remediation actions as human penetration testers deliver, but on an almost instant continual basis.
Crucially, it builds a virtual model of each device and then uses built-in human intelligence to analyze the interactions between different configuration options with the skills and inquisitiveness of a human pen-tester. Marrying the ‘Ying & Yang’ of ‘autonomous auditors’ and scanning technology creates a multi-layered solution combining external and internal analysis.
Effective security is about using the most applicable technologies– for many CIO’s this means advanced monitoring & scanning tools, intelligent configuration auditing systems and market leading SIEM solutions. There are two types of configuration auditing technologies, “find and match” text string analysis (grep) tools and solutions like Titania’s, with built-in AI / virtual modelling intelligence.
Grep configuration auditing is often available as a “bolt-on” module to supplement other technologies such as scanning or monitoring. Unfortunately, it’s prone to false positives and negatives. A recent independent lab test benchmarked Titania’s Nipper Studio against the market leading “text match” (grep) tool. The test was conducted using a Cisco router and industry standard compliance policy, the results were manually verified. The grep tool proved only 16.4% accurate (under the same conditions, Titania’s technology proved 100% accurate).
Titania believe that they, and their partners, will soon deliver autonomous mitigation solutions, a large step to finally giving companies fully self-monitoring, self-healing defense systems. This could reduce the cost of security and compliance and free up cyber experts from much of the time-consuming security ‘housekeeping’, allowing focus on other priorities.
Ensuring consistent security & compliance, including granular intelligence tools from companies like Titania makes a sound strategy for today and tomorrow.